From 14f5350289952699697a909aea566721f3104bf1 Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Fri, 1 May 2026 09:37:11 +0530
Subject: [PATCH] Create test123.py
---
test123.py | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 test123.py
diff --git a/test123.py b/test123.py
new file mode 100644
index 0000000..cb2fa6e
--- /dev/null
+++ b/test123.py
@@ -0,0 +1,9 @@
+# test_vuln.py — deliberately bad code
+import sqlite3
+
+def get_user(username):
+ conn = sqlite3.connect("users.db")
+ query = f"SELECT * FROM users WHERE name = '{username}'" # SQL injection
+ return conn.execute(query).fetchone()
+
+SECRET_KEY = "hardcoded-secret-123" # hard-coded secret
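Review bot: `get_user` interpolates `username` into the SQL text with an f-string, so the caller's value is parsed as SQL rather than treated as data; the inline comments name this and the literal `SECRET_KEY`, but the new file still ships both. Bind the value as a parameter instead, and close the connection, which is opened on every call and never released (note that `with sqlite3.connect(...)` only manages the transaction and does not close it). `SECRET_KEY` should be read from the environment or a secret store rather than committed, e.g. `SECRET_KEY = os.environ["SECRET_KEY"]` with `import os` added, and a value that was ever real should be treated as exposed and rotated once it is in history. If the file is meant as a scanner fixture, its header says `test_vuln.py` while the path is `test123.py`, and it would be safer kept in a clearly marked fixtures location that application code does not import.

```python
def get_user(username):
    conn = sqlite3.connect("users.db")
    try:
        # Bound parameter: sqlite3 passes username as data, never as SQL text.
        query = "SELECT * FROM users WHERE name = ?"
        return conn.execute(query, (username,)).fetchone()
    finally:
        # Release the handle even when execute() raises.
        conn.close()
```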